Tekst.ai helps companies in boosting their customer support. This is only possible if our software can be a safe and reliable place for your data. That’s why information security is a top priority for us. On this page you find more information on how we guarantee security and relability for your data.
For general questions about our system, infrastrucutre or information security, please reach out to email@example.com. For inquiries related specific to data protection and privacy you can contact our DPO Office at firstname.lastname@example.org
IsTekst.ai always up and running?
Tekst.ai always strives to have as much uptime as possible. Our uptime is closely monitored for all our microservices. In case of an incident or downtime our team receives realtime notifications and starts handling this with the highest urgency.
What if there is downtime?
In the case of a technical hickup the status can be clearly followed at our statuspage. We do everything in our power to have an open line of communication about the status of the issue and resolve the issue as fast as possible.
Data and GDPR
A secure and isolated environment is provided for all of our customers. This means that your data is never combined with that of other customers and your data is only used to provide custom models for yourself. All data is encrypted in transit (SSL/HTTPS) and at rest (AES).
The cloud is only used in a streaming fashion and any personal identifiable information (PPI) is never stored on the cloud. In the cloud we only store anonymized versions of your data and metrics. We only process the minimal amount of data that is needed, for example we immediatly discard attachments if this is not needed for a prediction.
In case if there is personal identifiable information needed that has to be stored then this is never stored in the cloud, only “cold” and not accessible over the internet.
Data retention policies can also be custom changed, this allows you to not only follow GDPR in data handling but also your own company’s policies.
Tekst.ai builds upon Amazon Web Services (AWS) their infrastructure. We utilize datacenters in Ireland and Paris, only systems inside of the EU are used. On customer request other datacenters are possible as well.
Our systems are often tested to make sure they are always using the latest practice. Because we use AWS datacenters our infrastructure is accredited for:
- SOC 1 / ISAE 3402
- SOC 2
- SOC 3
- FISMA, DIACAP, and FedRAMP
- CSM Levels 1-5
- PCI DSS Level 1
- ISO 9001 / ISO 27001
More info on AWS security can be found here.
Due to the fact that we all our code lives in containers this makes it possible to 1) easily scale our infrastructure and 2) be platform independent. On a customer’s request it is possible to foresee a deployment on Microsoft Azure.
The core is available through HTTPS only. Authentication and authorization are provided through the OAuth 2.0 protocol, which allows for secure and scoped access to different functionalities offered by the product. We use the system of least privilege in which everyone only has access to exact the resources they should be able to access.
Authentication is provided by Auth0, which has attained broad information security certification as well.
With our product improving everyday there is a strong emphasize on delivering quality. There are numerous secure development procedures in place of which the following;
- Leveraging broad unit, integration and end-to-end tests.
- Lot of vulnerability scanners and linters, allowing us to only deliver secure code that exhibits our quality.
- Strict code reviews for every addition or change to the codebase.
Secure development does not stop after delivery. We have a strong monitoring base put in production that allows us to detect any remaining options for improvement. In case of an issue related to security or availability the team is notified of this together with the corresponding logs and traces. This allows our team to resolve these issues quickly.
Since our start we are actively encouraging users to report bugs and security issues. This way they can help in securing and improving our smart routing. All cases are processed and answered as fast as possible.